Trojan GGTracker attacks Android users

Lookout Security Firm as identified a new Android Trojan named GGTracker that is downloaded to a user’s phone after visiting a malicious webpage that imitates the Android Market. The Trojan then proceeds to sign up the user to premium SMS services without their knowledge.

The Trojan targets only U.S. Smartphone users when they click on a malicious in-app advertisement. The website lures users to click-through to download and install an application one of which is a fake battery optimizer called "t4t.pwower.management", and another is a porn app called "com.space.sexypic".

After the application has been installed, GGTracker registers the user for premium subscription services. The Trojan carries out this task by contacting another server in the background where the malicious behavior intercepts crucial confirmation data to charge users without their consent or knowledge.

Lookout advises that users can protect themselves from malicious webpage’s by taking a few precautions:

After clicking on an advertisement, make sure the page and URL matches the website the advertisement claims it’s sending you to.

Download apps only from trusted sources. Also look at the developer’s name, reviews, and star ratings. If you are suppose to be on the Android Market, check the URL to make sure you are on the Market and not redirected to another site.

Always monitor your phone for any unusual behavior like unusual SMS messages, strange charges on your phone bill or unusual network activity. Check all apps running in the background and investigate any that you think should not be running.

Don’t download any third party apps by making sure "unknown sources" is not check off in "application settings" in your android system.

Download a mobile security app for your phone that scans every app you download to ensure its safe.

2 Comments

It seems the application is installed through the "fake" Android Market site. The site asks you if you want to install an application (in one case a battery optimizer and in another a porn app ). Once installed, the virus makes its "job" without user's knowledge.